The Monero community would like to do anything it can to stop the spread of this type of worm. The more security researchers we have to assist us the better. If you are interested in helping us after reading the Monero Research Lab papers linked below, please support our stack exchange proposal

Is currently mining at a rate of 6.92 KH/sec as I type this comment and has been active for months.

If you really want to stop them just shut down all of their mining pool accounts and seize funds as soon as they are detected. They will move onto another cryptocurrency once it becomes a headache and hassle for them.

If you really want to stop them just shut down all of their mining pool accounts and seize funds as soon as they are detected. They will move onto another cryptocurrency once it becomes a headache and hassle for them.

I've already notified the pool operator of the pool that was shown in the report.

I'll contact those as well. I contacted the owner of moneropool because I noticed his pool when I first glanced at the report. However, like u/cloud10again said, that will still just be a game of cat and mouse, as generating new addresses is pretty free and trivial.

Please don't tamper with the PoW, Monero is one of the few coins that can still be mined on CPUs, so of course it's the obvious coin to use for something like this, but it also means that the coin is that much more accessible to the general public.

If Monero would change to a different PoW algorithm, it would change to one which is more ASIC resistant. This particular "incident" won't make the developers change to a different PoW algorithm.

They used to say the same about Bitcoin, Litecoin, and many of the other alt coins. With enough interest someone can develop hardware that should be able to mine faster/better than a CPU can, but it simply requires time, patience, and lots of money.

Originally forked from the Cryptonote reference code, but increasingly bears less similarity to it. We're 2000+ commits beyond that original fork point, without sharing any of the work between BCN and XMR.

We're not trying to make Monero more valuable, we're trying to make it useful, secure, and usable. The perceived value of Monero should come from its utility, not from tricks that try to increase the market price.

While this is true for Bitcoin and other currencies that use SHA256 for their proof of work, Monero differs in that it can be mined profitably from consumer hardware. In fact, specialized hardware such as ASICS may not ever be economically feasible with Monero's memory-hardened algorithm.

Hey, I'm the author of the report!
We have a very low end estimate of between a few hundred dollars to a few thousand dollars a month depending on how many victim machines are online and the current exchange rate.

It is likely Monero was picked because it has the combination of both cheap mining requirements and a solid exchange rate.

Can you publish a list of all wallet addresses you have found this malicious worm & it's actors to be using? It would be very useful for tracking down their accounts at the various mining pools and shutting them down.

Neat, I'll look around! Last I did any mining it was through clevermining.com but I think I was only making like $50 a month or something. I'm between clevermining, ipominer or just doing straight ethereum or monero. I'm guessing it probably won't make a huge difference in the end.

I did the same back in 2012 and switched to Quark which was CPU only. I was making around $50 a month (free power FTW) until the market dropped out and now all of my Quark coins might be worth 5 cents. I still think I have 3 or 4 Litecoins to my name.

While this is true for Bitcoin and other currencies that use SHA256 for their proof of work, Monero differs in that it can be mined profitably from consumer hardware. In fact, specialized hardware such as ASICS may not ever be economically feasible with Monero's memory-hardened algorithm.

It's impossible to say if ASIC mining will ever come to Monero, but it's proof of work was carefully designed to minimize their profitability gap and resist mining centralization. The obvious downside is that the currency becomes a target for botnets and malware.

I'm not sure how (or if) price factors into any of this. Monero is currently trading around $1.30 each.

Embed the EICAR test file into the bitmonero. Tell all legitimate users that they need to add an exclusion in their AV software for bitmonero. Somehow stop the old versions of bitmonero from working (I dont know how, this is probably where my cunning plan falls down).
Now people who have not installed the bitmonero knowingly will be alerted by their AV software.

Over the past few months, we’ve been following a new type of worm we named PhotoMiner. PhotoMiner features a unique infection mechanism, reaching endpoints by infecting websites hosted on FTP servers while making money by mining Monero.